Fix problems reported by Michael Van Damme

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1399 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-06-15 03:41:26 +00:00 · 2004-06-15 03:41:26 +00:00 · d5d0e7fe85
commit d5d0e7fe85
parent ed6046a1e9
4 changed files with 21 additions and 3 deletions
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@ -29,3 +29,6 @@ Changes since 2.0.2
 13) Allow multiple saved configurations.

 14) Add %attr spec to /etc/init.d/shorewall in the .spec file.
+
+15) Fix rules that have bridge ports in both SOURCE and DEST. Update
+    comments in the rules file WRT "all" in SOURCE or DEST.
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@ -3357,7 +3357,7 @@ add_a_rule()
 	if [ $COMMAND != check ]; then
 	    if [ -n "$loglevel" ]; then
 		log_rule_limit $loglevel $chain $logtarget "$ratelimit" "$logtag" $userandgroup \
-		    $(fix_bang $proto $multiport $dest_interface $cli $sports $dports)
+		    $(fix_bang $proto $multiport $cli $dest_interface $sports $dports)
 	    fi

 	    if [ "$logtarget" != LOG ]; then
@ -3366,8 +3366,8 @@ add_a_rule()
 		       $cli $sports $dports $ratelimit $userandgroup -j RETURN

 		[ "$logtarget" != NONAT ] && \
-		    run_iptables2 -A $chain $proto $multiport $dest_interface \
-			$cli $sports $dports $ratelimit $userandgroup -j $target
+		    run_iptables2 -A $chain $proto $multiport $cli $dest_interface \
+			$sports $dports $ratelimit $userandgroup -j $target
 	    fi
 	fi
    fi
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@ -32,6 +32,13 @@ Problems Corrected since 2.0.2
 9) The file /etc/init.d/shorewall now gets proper ownership when the
   RPM is built by a non-root user.

+10) Rules that specify bridge ports in both the SOURCE and DEST
+    columns no longer cause "shorewall start" to fail.
+
+11) Comments in the rules file have been added to advise users that
+    "all" in the SOURCE or DEST column does not affect intra-zone
+    traffic.
+
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0.2 to Shorewall 2.0.3:

--- a/Shorewall2/rules
+++ b/Shorewall2/rules
@ -93,6 +93,10 @@
 #			excluded from the rule by following the zone name with
 #			"!' and a comma-separated list of sub-zone names.
 #
+#			When "all" is used either in the SOURCE or DEST column
+#			intra-zone traffic is not affected. You must add 
+#			separate rules to handle that traffic.
+#
 #			Except when "all" is specified, clients may be further
 #			restricted to a list of subnets and/or hosts by
 #			appending ":" and a comma-separated list of subnets
@ -123,6 +127,10 @@
 #			/etc/shorewall/zones, $FW to indicate the firewall
 #			itself or "all"
 #
+#			When "all" is used either in the SOURCE or DEST column
+#			intra-zone traffic is not affected. You must add 
+#			separate rules to handle that traffic.
+#
 #			Except when "all" is specified, the server may be
 #			further restricted to a particular subnet, host or
 #			interface by appending ":" and the subnet, host or